Diffstat (limited to 'src/lib/libssl/ssl_lib.c')
-rw-r--r-- | src/lib/libssl/ssl_lib.c | 220 |
1 files changed, 110 insertions, 110 deletions
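--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.134 2017/01/23 05:13:02 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.135 2017/01/23 06:45:30 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -200,31 +200,31 @@ SSL_clear(SSL *s)
 }
 
 s->error = 0;
-s->hit = 0;
-s->shutdown = 0;
+s->internal->hit = 0;
+s->internal->shutdown = 0;
 
-if (s->renegotiate) {
+if (s->internal->renegotiate) {
 SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
 return (0);
 }
 
-s->type = 0;
+s->internal->type = 0;
 
 s->state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
 
 s->version = s->method->version;
 s->client_version = s->version;
-s->rwstate = SSL_NOTHING;
+s->internal->rwstate = SSL_NOTHING;
 s->rstate = SSL_ST_READ_HEADER;
 
-BUF_MEM_free(s->init_buf);
-s->init_buf = NULL;
+BUF_MEM_free(s->internal->init_buf);
+s->internal->init_buf = NULL;
 
 ssl_clear_cipher_ctx(s);
-ssl_clear_hash_ctx(&s->read_hash);
-ssl_clear_hash_ctx(&s->write_hash);
+ssl_clear_hash_ctx(&s->internal->read_hash);
+ssl_clear_hash_ctx(&s->internal->write_hash);
 
-s->first_packet = 0;
+s->internal->first_packet = 0;
 
 /*
 * Check to see if we were changed into a different method, if
@@ -286,7 +286,7 @@ SSL_new(SSL_CTX *ctx)
 
 s->options = ctx->options;
 s->mode = ctx->mode;
-s->max_cert_list = ctx->internal->max_cert_list;
+s->internal->max_cert_list = ctx->internal->max_cert_list;
 
 if (ctx->internal->cert != NULL) {
 /*
@@ -306,7 +306,7 @@ SSL_new(SSL_CTX *ctx)
 } else
 s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */
 
-s->read_ahead = ctx->internal->read_ahead;
+s->internal->read_ahead = ctx->internal->read_ahead;
 s->internal->msg_callback = ctx->internal->msg_callback;
 s->internal->msg_callback_arg = ctx->internal->msg_callback_arg;
 s->verify_mode = ctx->verify_mode;
@@ -320,20 +320,20 @@ SSL_new(SSL_CTX *ctx)
 if (!s->param)
 goto err;
 X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-s->quiet_shutdown = ctx->internal->quiet_shutdown;
+s->internal->quiet_shutdown = ctx->internal->quiet_shutdown;
 s->max_send_fragment = ctx->internal->max_send_fragment;
 
 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
 s->ctx = ctx;
 s->internal->tlsext_debug_cb = 0;
 s->internal->tlsext_debug_arg = NULL;
-s->tlsext_ticket_expected = 0;
+s->internal->tlsext_ticket_expected = 0;
 s->tlsext_status_type = -1;
-s->tlsext_status_expected = 0;
-s->tlsext_ocsp_ids = NULL;
-s->tlsext_ocsp_exts = NULL;
-s->tlsext_ocsp_resp = NULL;
-s->tlsext_ocsp_resplen = -1;
+s->internal->tlsext_status_expected = 0;
+s->internal->tlsext_ocsp_ids = NULL;
+s->internal->tlsext_ocsp_exts = NULL;
+s->internal->tlsext_ocsp_resp = NULL;
+s->internal->tlsext_ocsp_resplen = -1;
 CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
 s->initial_ctx = ctx;
 s->internal->next_proto_negotiated = NULL;
@@ -362,7 +362,7 @@ SSL_new(SSL_CTX *ctx)
 
 SSL_clear(s);
 
-CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);
 
 return (s);
 
@@ -497,7 +497,7 @@ SSL_free(SSL *s)
 if (s->param)
 X509_VERIFY_PARAM_free(s->param);
 
-CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->internal->ex_data);
 
 if (s->bbio != NULL) {
 /* If the buffering BIO is in place, pop it off */
@@ -512,14 +512,14 @@ SSL_free(SSL *s)
 BIO_free_all(s->rbio);
 BIO_free_all(s->wbio);
 
-if (s->init_buf != NULL)
-BUF_MEM_free(s->init_buf);
+if (s->internal->init_buf != NULL)
+BUF_MEM_free(s->internal->init_buf);
 
 /* add extra stuff */
 if (s->cipher_list != NULL)
 sk_SSL_CIPHER_free(s->cipher_list);
-if (s->cipher_list_by_id != NULL)
-sk_SSL_CIPHER_free(s->cipher_list_by_id);
+if (s->internal->cipher_list_by_id != NULL)
+sk_SSL_CIPHER_free(s->internal->cipher_list_by_id);
 
 /* Make the next call work :-) */
 if (s->session != NULL) {
@@ -528,8 +528,8 @@ SSL_free(SSL *s)
 }
 
 ssl_clear_cipher_ctx(s);
-ssl_clear_hash_ctx(&s->read_hash);
-ssl_clear_hash_ctx(&s->write_hash);
+ssl_clear_hash_ctx(&s->internal->read_hash);
+ssl_clear_hash_ctx(&s->internal->write_hash);
 
 if (s->cert != NULL)
 ssl_cert_free(s->cert);
@@ -537,17 +537,17 @@ SSL_free(SSL *s)
 
 free(s->tlsext_hostname);
 SSL_CTX_free(s->initial_ctx);
-free(s->tlsext_ecpointformatlist);
-free(s->tlsext_ellipticcurvelist);
-if (s->tlsext_ocsp_exts)
-sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
+free(s->internal->tlsext_ecpointformatlist);
+free(s->internal->tlsext_ellipticcurvelist);
+if (s->internal->tlsext_ocsp_exts)
+sk_X509_EXTENSION_pop_free(s->internal->tlsext_ocsp_exts,
 X509_EXTENSION_free);
-if (s->tlsext_ocsp_ids)
-sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
-free(s->tlsext_ocsp_resp);
+if (s->internal->tlsext_ocsp_ids)
+sk_OCSP_RESPID_pop_free(s->internal->tlsext_ocsp_ids, OCSP_RESPID_free);
+free(s->internal->tlsext_ocsp_resp);
 
-if (s->client_CA != NULL)
-sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
+if (s->internal->client_CA != NULL)
+sk_X509_NAME_pop_free(s->internal->client_CA, X509_NAME_free);
 
 if (s->method != NULL)
 s->method->ssl_free(s);
@@ -558,8 +558,8 @@ SSL_free(SSL *s)
 free(s->internal->alpn_client_proto_list);
 
 #ifndef OPENSSL_NO_SRTP
-if (s->srtp_profiles)
-sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+if (s->internal->srtp_profiles)
+sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
 #endif
 
 free(s->internal);
@@ -779,13 +779,13 @@ SSL_set_verify_depth(SSL *s, int depth)
 void
 SSL_set_read_ahead(SSL *s, int yes)
 {
-s->read_ahead = yes;
+s->internal->read_ahead = yes;
 }
 
 int
 SSL_get_read_ahead(const SSL *s)
 {
-return (s->read_ahead);
+return (s->internal->read_ahead);
 }
 
 int
@@ -951,8 +951,8 @@ SSL_read(SSL *s, void *buf, int num)
 return (-1);
 }
 
-if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-s->rwstate = SSL_NOTHING;
+if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
+s->internal->rwstate = SSL_NOTHING;
 return (0);
 }
 return (s->method->ssl_read(s, buf, num));
@@ -966,7 +966,7 @@ SSL_peek(SSL *s, void *buf, int num)
 return (-1);
 }
 
-if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+if (s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) {
 return (0);
 }
 return (s->method->ssl_peek(s, buf, num));
@@ -980,8 +980,8 @@ SSL_write(SSL *s, const void *buf, int num)
 return (-1);
 }
 
-if (s->shutdown & SSL_SENT_SHUTDOWN) {
-s->rwstate = SSL_NOTHING;
+if (s->internal->shutdown & SSL_SENT_SHUTDOWN) {
+s->internal->rwstate = SSL_NOTHING;
 SSLerr(SSL_F_SSL_WRITE, SSL_R_PROTOCOL_IS_SHUTDOWN);
 return (-1);
 }
@@ -1012,10 +1012,10 @@ SSL_shutdown(SSL *s)
 int
 SSL_renegotiate(SSL *s)
 {
-if (s->renegotiate == 0)
-s->renegotiate = 1;
+if (s->internal->renegotiate == 0)
+s->internal->renegotiate = 1;
 
-s->new_session = 1;
+s->internal->new_session = 1;
 
 return (s->method->ssl_renegotiate(s));
 }
@@ -1023,10 +1023,10 @@ SSL_renegotiate(SSL *s)
 int
 SSL_renegotiate_abbreviated(SSL *s)
 {
-if (s->renegotiate == 0)
-s->renegotiate = 1;
+if (s->internal->renegotiate == 0)
+s->internal->renegotiate = 1;
 
-s->new_session = 0;
+s->internal->new_session = 0;
 
 return (s->method->ssl_renegotiate(s));
 }
@@ -1038,7 +1038,7 @@ SSL_renegotiate_pending(SSL *s)
 * Becomes true when negotiation is requested;
 * false again once a handshake has finished.
 */
-return (s->renegotiate != 0);
+return (s->internal->renegotiate != 0);
 }
 
 long
@@ -1048,10 +1048,10 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 
 switch (cmd) {
 case SSL_CTRL_GET_READ_AHEAD:
-return (s->read_ahead);
+return (s->internal->read_ahead);
 case SSL_CTRL_SET_READ_AHEAD:
-l = s->read_ahead;
-s->read_ahead = larg;
+l = s->internal->read_ahead;
+s->internal->read_ahead = larg;
 return (l);
 
 case SSL_CTRL_SET_MSG_CALLBACK_ARG:
@@ -1067,10 +1067,10 @@ SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
 case SSL_CTRL_CLEAR_MODE:
 return (s->mode &=~larg);
 case SSL_CTRL_GET_MAX_CERT_LIST:
-return (s->max_cert_list);
+return (s->internal->max_cert_list);
 case SSL_CTRL_SET_MAX_CERT_LIST:
-l = s->max_cert_list;
-s->max_cert_list = larg;
+l = s->internal->max_cert_list;
+s->internal->max_cert_list = larg;
 return (l);
 case SSL_CTRL_SET_MTU:
 #ifndef OPENSSL_NO_DTLS1
@@ -1261,8 +1261,8 @@ STACK_OF(SSL_CIPHER) *
 ssl_get_ciphers_by_id(SSL *s)
 {
 if (s != NULL) {
-if (s->cipher_list_by_id != NULL) {
-return (s->cipher_list_by_id);
+if (s->internal->cipher_list_by_id != NULL) {
+return (s->internal->cipher_list_by_id);
 } else if ((s->ctx != NULL) &&
 (s->ctx->internal->cipher_list_by_id != NULL)) {
 return (s->ctx->internal->cipher_list_by_id);
@@ -1322,7 +1322,7 @@ SSL_set_cipher_list(SSL *s, const char *str)
 STACK_OF(SSL_CIPHER) *sk;
 
 sk = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
-&s->cipher_list_by_id, str);
+&s->internal->cipher_list_by_id, str);
 /* see comment in SSL_CTX_set_cipher_list */
 if (sk == NULL)
 return (0);
@@ -1399,7 +1399,7 @@ ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, unsigned char *p,
 }
 
 /* Add SCSV if there are other ciphers and we're not renegotiating. */
-if (ciphers > 0 && !s->renegotiate) {
+if (ciphers > 0 && !s->internal->renegotiate) {
 if (!CBB_add_u16(&cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
 goto err;
 }
@@ -1456,7 +1456,7 @@ ssl_bytes_to_cipher_list(SSL *s, const unsigned char *p, int num)
 * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
 * renegotiating.
 */
-if (s->renegotiate) {
+if (s->internal->renegotiate) {
 SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,
 SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
 ssl3_send_alert(s, SSL3_AL_FATAL,
@@ -2274,7 +2274,7 @@ ssl_update_cache(SSL *s, int mode)
 return;
 
 i = s->session_ctx->internal->session_cache_mode;
-if ((i & mode) && (!s->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+if ((i & mode) && (!s->internal->hit) && ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
 || SSL_CTX_add_session(s->session_ctx, s->session))
 && (s->session_ctx->internal->new_session_cb != NULL)) {
 CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
@@ -2354,7 +2354,7 @@ SSL_get_error(const SSL *s, int i)
 * try to write to the rbio, and an application
 * program where rbio and wbio are separate couldn't
 * even know what it should wait for. However if we
-* ever set s->rwstate incorrectly (so that we have
+* ever set s->internal->rwstate incorrectly (so that we have
 * SSL_want_read(s) instead of SSL_want_write(s))
 * and rbio and wbio *are* the same, this test works
 * around that bug; so it might be safer to keep it.
@@ -2396,7 +2396,7 @@ SSL_get_error(const SSL *s, int i)
 }
 
 if (i == 0) {
-if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+if ((s->internal->shutdown & SSL_RECEIVED_SHUTDOWN) &&
 (S3I(s)->warn_alert == SSL_AD_CLOSE_NOTIFY))
 return (SSL_ERROR_ZERO_RETURN);
 }
@@ -2429,26 +2429,26 @@ void
 SSL_set_accept_state(SSL *s)
 {
 s->server = 1;
-s->shutdown = 0;
+s->internal->shutdown = 0;
 s->state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
 s->internal->handshake_func = s->method->ssl_accept;
 /* clear the current cipher */
 ssl_clear_cipher_ctx(s);
-ssl_clear_hash_ctx(&s->read_hash);
-ssl_clear_hash_ctx(&s->write_hash);
+ssl_clear_hash_ctx(&s->internal->read_hash);
+ssl_clear_hash_ctx(&s->internal->write_hash);
 }
 
 void
 SSL_set_connect_state(SSL *s)
 {
 s->server = 0;
-s->shutdown = 0;
+s->internal->shutdown = 0;
 s->state = SSL_ST_CONNECT|SSL_ST_BEFORE;
 s->internal->handshake_func = s->method->ssl_connect;
 /* clear the current cipher */
 ssl_clear_cipher_ctx(s);
-ssl_clear_hash_ctx(&s->read_hash);
-ssl_clear_hash_ctx(&s->write_hash);
+ssl_clear_hash_ctx(&s->internal->read_hash);
+ssl_clear_hash_ctx(&s->internal->write_hash);
 }
 
 int
@@ -2609,7 +2609,7 @@ SSL_dup(SSL *s)
 return (NULL);
 
 ret->version = s->version;
-ret->type = s->type;
+ret->internal->type = s->internal->type;
 ret->method = s->method;
 
 if (s->session != NULL) {
@@ -2653,11 +2653,11 @@ SSL_dup(SSL *s)
 
 SSL_set_info_callback(ret, SSL_get_info_callback(s));
 
-ret->debug = s->debug;
+ret->internal->debug = s->internal->debug;
 
 /* copy app data, a little dangerous perhaps */
 if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
-&ret->ex_data, &s->ex_data))
+&ret->internal->ex_data, &s->internal->ex_data))
 goto err;
 
 /* setup rbio, and wbio */
@@ -2672,14 +2672,14 @@ SSL_dup(SSL *s)
 } else
 ret->wbio = ret->rbio;
 }
-ret->rwstate = s->rwstate;
+ret->internal->rwstate = s->internal->rwstate;
 ret->internal->in_handshake = s->internal->in_handshake;
 ret->internal->handshake_func = s->internal->handshake_func;
 ret->server = s->server;
-ret->renegotiate = s->renegotiate;
-ret->new_session = s->new_session;
-ret->quiet_shutdown = s->quiet_shutdown;
-ret->shutdown = s->shutdown;
+ret->internal->renegotiate = s->internal->renegotiate;
+ret->internal->new_session = s->internal->new_session;
+ret->internal->quiet_shutdown = s->internal->quiet_shutdown;
+ret->internal->shutdown = s->internal->shutdown;
 /* SSL_dup does not really work at any state, though */
 ret->state=s->state;
 ret->rstate = s->rstate;
@@ -2688,9 +2688,9 @@ SSL_dup(SSL *s)
 * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
 * ret->init_off
 */
-ret->init_num = 0;
+ret->internal->init_num = 0;
 
-ret->hit = s->hit;
+ret->internal->hit = s->internal->hit;
 
 X509_VERIFY_PARAM_inherit(ret->param, s->param);
 
@@ -2700,16 +2700,16 @@ SSL_dup(SSL *s)
 sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
 goto err;
 }
-if (s->cipher_list_by_id != NULL) {
-if ((ret->cipher_list_by_id =
-sk_SSL_CIPHER_dup(s->cipher_list_by_id)) == NULL)
+if (s->internal->cipher_list_by_id != NULL) {
+if ((ret->internal->cipher_list_by_id =
+sk_SSL_CIPHER_dup(s->internal->cipher_list_by_id)) == NULL)
 goto err;
 }
 
 /* Dup the client_CA list */
-if (s->client_CA != NULL) {
-if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
-ret->client_CA = sk;
+if (s->internal->client_CA != NULL) {
+if ((sk = sk_X509_NAME_dup(s->internal->client_CA)) == NULL) goto err;
+ret->internal->client_CA = sk;
 for (i = 0; i < sk_X509_NAME_num(sk); i++) {
 xn = sk_X509_NAME_value(sk, i);
 if (sk_X509_NAME_set(sk, i,
@@ -2732,20 +2732,20 @@ err:
 void
 ssl_clear_cipher_ctx(SSL *s)
 {
-EVP_CIPHER_CTX_free(s->enc_read_ctx);
-s->enc_read_ctx = NULL;
-EVP_CIPHER_CTX_free(s->enc_write_ctx);
-s->enc_write_ctx = NULL;
+EVP_CIPHER_CTX_free(s->internal->enc_read_ctx);
+s->internal->enc_read_ctx = NULL;
+EVP_CIPHER_CTX_free(s->internal->enc_write_ctx);
+s->internal->enc_write_ctx = NULL;
 
-if (s->aead_read_ctx != NULL) {
-EVP_AEAD_CTX_cleanup(&s->aead_read_ctx->ctx);
-free(s->aead_read_ctx);
-s->aead_read_ctx = NULL;
+if (s->internal->aead_read_ctx != NULL) {
+EVP_AEAD_CTX_cleanup(&s->internal->aead_read_ctx->ctx);
+free(s->internal->aead_read_ctx);
+s->internal->aead_read_ctx = NULL;
 }
-if (s->aead_write_ctx != NULL) {
-EVP_AEAD_CTX_cleanup(&s->aead_write_ctx->ctx);
-free(s->aead_write_ctx);
-s->aead_write_ctx = NULL;
+if (s->internal->aead_write_ctx != NULL) {
+EVP_AEAD_CTX_cleanup(&s->internal->aead_write_ctx->ctx);
+free(s->internal->aead_write_ctx);
+s->internal->aead_write_ctx = NULL;
 }
 
 }
@@ -2852,25 +2852,25 @@ SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
 void
 SSL_set_quiet_shutdown(SSL *s, int mode)
 {
-s->quiet_shutdown = mode;
+s->internal->quiet_shutdown = mode;
 }
 
 int
 SSL_get_quiet_shutdown(const SSL *s)
 {
-return (s->quiet_shutdown);
+return (s->internal->quiet_shutdown);
 }
 
 void
 SSL_set_shutdown(SSL *s, int mode)
 {
-s->shutdown = mode;
+s->internal->shutdown = mode;
 }
 
 int
 SSL_get_shutdown(const SSL *s)
 {
-return (s->shutdown);
+return (s->internal->shutdown);
 }
 
 int
@@ -2973,13 +2973,13 @@ SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
 int
 SSL_set_ex_data(SSL *s, int idx, void *arg)
 {
-return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
+return (CRYPTO_set_ex_data(&s->internal->ex_data, idx, arg));
 }
 
 void *
 SSL_get_ex_data(const SSL *s, int idx)
 {
-return (CRYPTO_get_ex_data(&s->ex_data, idx));
+return (CRYPTO_get_ex_data(&s->internal->ex_data, idx));
 }
 
 int
@@ -3025,7 +3025,7 @@ SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
 int
 SSL_want(const SSL *s)
 {
-return (s->rwstate);
+return (s->internal->rwstate);
 }
 
 void
@@ -3098,13 +3098,13 @@ ssl_clear_hash_ctx(EVP_MD_CTX **hash)
 void
 SSL_set_debug(SSL *s, int debug)
 {
-s->debug = debug;
+s->internal->debug = debug;
 }
 
 int
 SSL_cache_hit(SSL *s)
 {
-return (s->internal->hit);
+return (s->internal->hit);
 }
 
 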
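Review bot: In SSL_free, `free(s->internal);` at new line 565 has become an ordering constraint that nothing in the code states, because the releases of `ex_data`, `init_buf`, `cipher_list_by_id`, the read/write hash contexts, the OCSP lists, `client_CA` and `srtp_profiles` above it, and `ssl_clear_cipher_ctx(s)` as well, now all read through `s->internal`. A cleanup added below that line, or the line moved up, would turn into a use-after-free, so I would put `/* Keep after every cleanup above: they all dereference s->internal. */` directly above it. The accessors changed in the other hunks (`SSL_get_shutdown`, `SSL_want`, `SSL_get_ex_data`, `SSL_cache_hit`) likewise assume `s->internal` is never NULL; whether SSL_new guarantees that on every path, including the `goto err` at line 321, cannot be seen from these hunks. SSL_free's body begins and ends outside the hunks shown.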